Canon Paper Shredder Section 7 Canon Solutions & Regulatory Requirements

Canon isdedicated to providing the most secure multifunctional printers available on the market

today. Manyof our products meet or exceed the requirements of government agencies and private

entitiesas they relate to security certifications and industry regulations.

Beginning on July1, 2002, the Department of Defense required a broad group of commercial

hardware/software suppliersto have their products evaluated using a standard known as Common

Criteria to determine itsfitness for the department’s use.

Following the developmentof the Common Criteria, the National Institute of Standards and

Technologyand the National Security Agency, in cooperation and collaboration with the U.S. State

Department, worked closelywith their partners in the CC Project to produce a mutual recognition

arrangementfor IT security evaluations that use the Common Criteria. The Arrangement is officially

known asthe Arrangement on the Mutual Recognition of Common Criteria Certificates in the field of

IT Security. Itstates that each participant will recognize evaluationsperformed using the Common

Criteria evaluation methodologywhere product certificates have been issued by the Mutually

Recognized producing nationsfor EAL1-EAL4 evaluations. Evaluation Assurance components found in

EAL5-EAL7 are notpart of the mutual recognition arrangement.

The listof Common Criteria Recognition Arrangement members currently includes Australia, Austria,

Canada, Czech Republic, Denmark, Finland, France, Germany, Greece, Hungary, India, Israel, Italy,

Japan, Republicof Korea, Netherlands, New Zealand, Norway, Singapore, Spain, Sweden, Turkey,

United Kingdom and United States.

The Common Criteria for Information TechnologySecurity Evaluation (CC), ISO/IEC15408 Standard,

definesgeneral concepts and principles of IT security evaluation and presents a general model of

evaluation. Itpresents constructs for expressing IT security objectives, for selecting and defining IT

securityrequirements, and for writing high-level specifications for products and systems. It specifies

information securityfunctional requirements and seven predefined assurance packages, known as

Evaluated Assurance Levels(EALs), against which products' functions are tested and evaluated. The

seven EALSprovide both the vendor and user with flexibility to define functional and assurance

requirementsthat are unique to their operating environments and to obtain an evaluated product

bestsuited to those needs.

Hardware and software companiesaround the world use the Common Criteria (CC) evaluation

program to provide a meansof comparison for the level of assurance that their products provide.

Asa cautionary note, while the evaluation program is very effective at validating a manufacturer’s

claims, itdoes not measure the overall security capabilities or vulnerabilities as a whole. Therefore,

Common Criteria certification should be one ofmany considerations when choosing security-related

productsinstead of being considered the de-facto standard.

White Paper: Canon imageRUNNER ADVANCE Security

Section 7 – Canon Solutions & Regulatory Requirements